Skip to content

Spring 中文文档社区
Spring 中文文档社区

syhp1982 / Spring 中文文档社区
与 Fork 源项目一致

Fork自 开发云 / Spring 中文文档社区

通知 1
Star 0
Fork 0
Spring 中文文档社区
Spring 中文文档社区

体验新版 GitCode,发现更多精彩内容 >>

切换分支/标签
查找文件 普通视图历史永久链接Permalink
servlet-test-mockmvc-result-matchers.md 3.0 KB
Newer Older
茶陵後's avatar
#18 [skip ci] spring-security  
茶陵後 已提交
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 
## SecurityMockMvcResultMatchers

At times it is desirable to make various security related assertions about a request.
To accommodate this need, Spring Security Test support implements Spring MVC Test’s `ResultMatcher` interface.
In order to use Spring Security’s `ResultMatcher` implementations ensure the following static import is used:

Java

```
import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.*;
```

Kotlin

```
import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.*
```

### Unauthenticated Assertion

At times it may be valuable to assert that there is no authenticated user associated with the result of a `MockMvc` invocation.
For example, you might want to test submitting an invalid username and password and verify that no user is authenticated.
You can easily do this with Spring Security’s testing support using something like the following:

Java

```
mvc
	.perform(formLogin().password("invalid"))
	.andExpect(unauthenticated());
```

Kotlin

```
mvc
    .perform(formLogin().password("invalid"))
    .andExpect { unauthenticated() }
```

### Authenticated Assertion

It is often times that we must assert that an authenticated user exists.
For example, we may want to verify that we authenticated successfully.
We could verify that a form based login was successful with the following snippet of code:

Java

```
mvc
	.perform(formLogin())
	.andExpect(authenticated());
```

Kotlin

```
mvc
    .perform(formLogin())
    .andExpect { authenticated() }
```

If we wanted to assert the roles of the user, we could refine our previous code as shown below:

Java

```
mvc
	.perform(formLogin().user("admin"))
	.andExpect(authenticated().withRoles("USER","ADMIN"));
```

Kotlin

```
mvc
    .perform(formLogin())
    .andExpect { authenticated().withRoles("USER","ADMIN") }
```

Alternatively, we could verify the username:

Java

```
mvc
	.perform(formLogin().user("admin"))
	.andExpect(authenticated().withUsername("admin"));
```

Kotlin

```
mvc
    .perform(formLogin().user("admin"))
    .andExpect { authenticated().withUsername("admin") }
```

We can also combine the assertions:

Java

```
mvc
	.perform(formLogin().user("admin"))
	.andExpect(authenticated().withUsername("admin").withRoles("USER", "ADMIN"));
```

Kotlin

```
mvc
    .perform(formLogin().user("admin"))
    .andExpect { authenticated().withUsername("admin").withRoles("USER", "ADMIN") }
```

We can also make arbitrary assertions on the authentication

Java

```
mvc
	.perform(formLogin())
	.andExpect(authenticated().withAuthentication(auth ->
		assertThat(auth).isInstanceOf(UsernamePasswordAuthenticationToken.class)));
```

Kotlin

```
mvc
    .perform(formLogin())
    .andExpect {
        authenticated().withAuthentication { auth ->
            assertThat(auth).isInstanceOf(UsernamePasswordAuthenticationToken::class.java) }
        }
    }
```

[Security RequestBuilders](request-builders.html)[Security ResultHandlers](result-handlers.html)